5 ways to protect yourself from a KRACK attack

Last week a security researcher revealed a flaw in WPA2, a wireless encryption standard used to keep Wi-Fi networks safe and secure.

By Patrick Clover, founder of BLACKBX | Oct 24, 2017

As the world now knows, there was a flaw in WPA2. Until very recently most of the population would have been blissfully unaware of WPA2, never mind the massive hole in its security, unless they happened to work in the digital technologies industry or had a keen amateur interest in internet connectivity.

Following the recent announcement of this news, a large part of the general public will now be able to tell you that WPA2 is the wireless encryption standard used to keep Wi-Fi networks safe and secure. They will also be able to tell you that, following the discovery and publication by hackers of the weakness in its protocol, connecting to WPA2 Wi-Fi may leave you open to data theft and manipulation. That’s scary, right?

The hack even has a scary name – KRACK. The name derives from the fact that details of this weakness were first published on krackattacks.com. The hack takes advantage of the discovery that some of the algorithms used in WPA2 encryption are not quite as random as they should be. With a bit of time and persistence a hacker could eventually force their way into a vulnerable wireless network.

The unfortunate thing is that this shortcoming is present in just about every piece of wireless hardware sold in the past few years. That includes all those amazing IoT connected gadgets and devices that you’ve bought to control with your phone. I’m sorry to inform you that deciding to finally change your password – we’ve all been meaning to change it from ‘admin123’ for a while – isn’t going to plug the hole either.

Right – now that I’ve got your attention, I can tell you that it isn’t all doom and gloom. For a start, some popular devices are already protected, for example those that run on Windows and iOS, and for others a patch is currently being worked on. In the meantime there are proactive steps that you can take to make sure you keep your data and identity safe when using Wi-Fi.

1. HTTPS

Hypertext Transfer Protocol Secure – the key here is the S on the end, as it signifies that this is the secure version of the protocol which sends your data between your browser and the website that you are connected to. It encrypts all the information that is sent, which means that even if a hacker had access, the information would be illegible and meaningless to them. This is the type of security that is used by most financial and ecommerce websites, for example Amazon and eBay, but it is best practice to check your browser for the little lock icon you see in your URL window (usually found at the top left of your screen) before you share any sensitive information.

2. Automatic security updates

The companies that make and sell routers and connection points for use in business and public areas have been aware of the weakness for some time. As you would expect, they have already started to release updates and patches to close off the problem. Suppliers such as MikroTik, Ubiquiti and Aruba have been releasing automatic updates and should no longer be vulnerable. If you are nervous about using public Wi-Fi, then remember – it’s OK to ask if it has had a patch applied. If you can’t get an answer or are still nervous, then use 3G or 4G until you are sure you are safe.

3. Update your router firmware

You’ll no doubt have a wireless router in your home that you got from your ISP or bought yourself. Well, you’ll need to do a little bit of work on this to get it secure. To fix the security vulnerabilities you need to upgrade the firmware in your router, a process known as ‘flashing’. Don’t worry, it’s not as difficult as it sounds, but you will need to find and follow the manufacturer’s instructions that came with the router. If you can’t find them then don’t panic, as most can be found online these days. It’s fairly quick and relatively simple to do, but take care to follow the steps correctly as it can be easy to make mistakes, which may result in a visit to a computer or IT specialist shop to sort out.

4. Use a VPN

Most people associate VPNs (virtual private networks) with pretending you are in another country so that you can watch their Netflix (or other streaming services) content, but they do have an excellent practical security use. By using a VPN you are effectively building a tunnel between your device and the data destination. This means that even if the network has been compromised, the intercepted data is going to be pretty much useless to any third party as it will be heavily encrypted. There are a number of VPN services and apps out there – shop around until you find the one that suits you.

5. Keeping your business Wi-Fi safe

If you provide free wireless internet to customers then you need to assure them that what they are logging onto is safe. If you have your password on a small blackboard on the counter then it’s unlikely that it is. Using a public Wi-Fi service provider means that you and your customers have peace of mind. The login process is done by signing up securely and uses unique details such as email addresses or social media logins, and will automatically log the customer back in on their return. Another advantage is that public Wi-Fi companies will ensure that all automatic updates are applied exactly as stated, i.e. automatically.

So, hopefully you see the KRACK attack is not the end of the Wi-Fi world as we know it. These are just some of the ways that you can keep yourself safe and secure when you’re browsing or logging in in public. Remember, it pays to be aware of the risks and to be judicious about what you look at and access in public.